Skip to main content

Learn about security log events recorded for your personal account.

Note: This article contains the events that may appear in your user account's security log. For the events that can appear in an organization's audit log, see "Audit log events for your organization."

About security log events

The name for each audit log entry is composed of a category of events, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category. The reference information in this article is grouped by categories.

account

ActionDescription
account.plan_changeThe account's plan changed.

actions_cache

ActionDescription
actions_cache.deleteA GitHub Actions cache was deleted using the REST API.

artifact

ActionDescription
artifact.destroyA workflow run artifact was manually deleted.

billing

ActionDescription
billing.change_billing_typeThe way the account pays for GitHub was changed.
billing.change_emailThe billing email address changed.

business

ActionDescription
business.set_actions_fork_pr_approvals_policyThe policy for requiring approvals for workflows from public forks was changed for an enterprise.
business.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an enterprise.
business.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs was changed for an enterprise.
business.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for an enterprise.
business.set_fork_pr_workflows_policyThe policy for fork pull request workflows was changed for an enterprise.
business.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for an enterprise.

checks

ActionDescription
checks.auto_trigger_disabledAutomatic creation of check suites was disabled on a repository in the organization or enterprise.
checks.auto_trigger_enabledAutomatic creation of check suites was enabled on a repository in the organization or enterprise.
checks.delete_logsLogs in a check suite were deleted.

codespaces

ActionDescription
codespaces.allow_permissionsA codespace using custom permissions from its devcontainer.json file was launched.
codespaces.connectCredentials for a codespace were refreshed.
codespaces.createA codespace was created
codespaces.destroyA user deleted a codespace.
codespaces.export_environmentA codespace was exported to a branch on GitHub.
codespaces.restoreA codespace was restored.
codespaces.start_environmentA codespace was started.
codespaces.suspend_environmentA codespace was stopped.
codespaces.trusted_repositories_access_updateA personal account's access and security setting for Codespaces were updated.

copilot

ActionDescription
copilot.cfb_seat_addedA Copilot Business or Copilot Enterprise seat was added for a user and they have received access to GitHub Copilot. This can occur as the result of directly assigning a seat for a user, assigning a seat for a team, or setting the organization to allow access for all members.
copilot.cfb_seat_assignment_createdA Copilot Business or Copilot Enterprise seat assignment was newly created for a user or a team, and seats are being created.
copilot.cfb_seat_assignment_refreshedA seat assignment that was previously pending cancellation was re-assigned and the user will retain access to Copilot.
copilot.cfb_seat_assignment_reusedA Copilot Business or Copilot Enterprise seat assignment was re-created for a user who already had a seat with no pending cancellation date, and the user will retain access to Copilot.
copilot.cfb_seat_assignment_unassignedA user or team's Copilot Business or Copilot Enterprise seat assignment was unassigned, and the user(s) will lose access to Copilot at the end of the current billing cycle.
copilot.cfb_seat_cancelledA user's Copilot Business or Copilot Enterprise seat was canceled, and the user no longer has access to Copilot.
copilot.cfb_seat_cancelled_by_staffA user's Copilot Business or Copilot Enterprise seat was canceled manually by GitHub staff, and the user no longer has access to Copilot.

dependabot_alerts

ActionDescription
dependabot_alerts.disableDependabot alerts were disabled for all existing repositories.
dependabot_alerts.enableDependabot alerts were enabled for all existing repositories.

dependabot_alerts_new_repos

ActionDescription
dependabot_alerts_new_repos.disableDependabot alerts were disabled for all new repositories.
dependabot_alerts_new_repos.enableDependabot alerts were enabled for all new repositories.

dependabot_repository_access

ActionDescription
dependabot_repository_access.repositories_updatedThe repositories that Dependabot can access were updated.

dependabot_security_updates

ActionDescription
dependabot_security_updates.disableDependabot security updates were disabled for all existing repositories.
dependabot_security_updates.enableDependabot security updates were enabled for all existing repositories.

dependabot_security_updates_new_repos

ActionDescription
dependabot_security_updates_new_repos.disable Dependabot security updates were disabled for all new repositories.
dependabot_security_updates_new_repos.enableDependabot security updates were enabled for all new repositories.

dependency_graph

ActionDescription
dependency_graph.disableThe dependency graph was disabled for all existing repositories.
dependency_graph.enableThe dependency graph was enabled for all existing repositories.

dependency_graph_new_repos

ActionDescription
dependency_graph_new_repos.disableThe dependency graph was disabled for all new repositories.
dependency_graph_new_repos.enableThe dependency graph was enabled for all new repositories.

environment

ActionDescription
environment.add_protection_ruleA GitHub Actions deployment protection rule was created via the API.
environment.create_actions_secretA secret was created for a GitHub Actions environment.
environment.create_actions_variableA variable was created for a GitHub Actions environment.
environment.deleteAn environment was deleted.
environment.remove_actions_secretA secret was deleted for a GitHub Actions environment.
environment.remove_actions_variableA variable was deleted for a GitHub Actions environment.
environment.remove_protection_ruleA GitHub Actions deployment protection rule was deleted via the API.
environment.update_actions_secretA secret was updated for a GitHub Actions environment.
environment.update_actions_variableA variable was updated for a GitHub Actions environment.
environment.update_protection_ruleA GitHub Actions deployment protection rule was updated via the API.

gist

ActionDescription
gist.createA gist was created.
gist.destroyA gist was deleted.
gist.visibility_changeThe visibility of a gist was updated.

git_signing_ssh_public_key

ActionDescription
git_signing_ssh_public_key.createAn SSH key was added to a user account as a Git commit signing key.
git_signing_ssh_public_key.deleteAn SSH key was removed from a user account as a Git commit signing key.

hook

ActionDescription
hook.active_changedA hook's active status was updated.
hook.config_changedA hook's configuration was changed.
hook.createA new hook was added.
hook.destroyA hook was deleted.
hook.events_changedA hook's configured events were changed.

integration

ActionDescription
integration.createA GitHub App was created.
integration.destroyA GitHub App was deleted.
integration.manager_addedA member of an enterprise or organization was added as a GitHub App manager.
integration.manager_removedA member of an enterprise or organization was removed from being a GitHub App manager.
integration.remove_client_secretA client secret for a GitHub App was removed.
integration.revoke_all_tokensAll user tokens for a GitHub App were requested to be revoked.
integration.revoke_tokensToken(s) for a GitHub App were revoked.
integration.suspendA GitHub App was suspended.
integration.transferOwnership of a GitHub App was transferred to another user or organization.
integration.unsuspendA GitHub App was unsuspended.

integration_installation

ActionDescription
integration_installation.createA GitHub App was installed.
integration_installation.destroyA GitHub App was uninstalled.
integration_installation.repositories_addedRepositories were added to a GitHub App.
integration_installation.repositories_removedRepositories were removed from a GitHub App.
integration_installation.suspendA GitHub App was suspended.
integration_installation.unsuspendA GitHub App was unsuspended.
integration_installation.version_updatedPermissions for a GitHub App were updated.

marketplace_agreement_signature

ActionDescription
marketplace_agreement_signature.createThe GitHub Marketplace Developer Agreement was signed.

marketplace_listing

ActionDescription
marketplace_listing.approveA listing was approved for inclusion in GitHub Marketplace.
marketplace_listing.change_categoryA category for a listing for an app in GitHub Marketplace was changed.
marketplace_listing.createA listing for an app in GitHub Marketplace was created.
marketplace_listing.delistA listing was removed from GitHub Marketplace.
marketplace_listing.redraftA listing was sent back to draft state.
marketplace_listing.rejectA listing was not accepted for inclusion in GitHub Marketplace.

migration

ActionDescription
migration.createA migration file was created for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance.

oauth_access

ActionDescription
oauth_access.createAn OAuth access token was generated.
oauth_access.destroyAn OAuth access token was deleted.
oauth_access.regenerateAn OAuth access token was regenerated.
oauth_access.updateAn OAuth access token was updated.

oauth_application

ActionDescription
oauth_application.createAn OAuth application was created.
oauth_application.destroyAn OAuth application was deleted.
oauth_application.generate_client_secretAn OAuth application's secret key was generated.
oauth_application.remove_client_secretAn OAuth application's secret key was deleted.
oauth_application.reset_secretThe secret key for an OAuth application was reset.
oauth_application.revoke_all_tokensAll user tokens for an OAuth application were requested to be revoked.
oauth_application.revoke_tokensToken(s) for an OAuth application were revoked.
oauth_application.transferAn OAuth application was transferred from one account to another.

oauth_authorization

ActionDescription
oauth_authorization.createAn authorization for an OAuth application was created.
oauth_authorization.destroyAn authorization for an OAuth application was deleted.

org

ActionDescription
org.add_memberA user joined an organization.
org.add_outside_collaboratorAn outside collaborator was added to a repository.
org.advanced_security_disabled_for_new_reposGitHub Advanced Security was disabled for new repositories in an organization.
org.advanced_security_disabled_on_all_reposGitHub Advanced Security was disabled for all repositories in an organization.
org.advanced_security_enabled_for_new_reposGitHub Advanced Security was enabled for new repositories in an organization.
org.advanced_security_enabled_on_all_reposGitHub Advanced Security was enabled for all repositories in an organization.
org.remove_memberA member was removed from an organization, either manually or due to a two-factor authentication requirement.
org.security_center_export_coverageA CSV export was requested on the Coverage page.
org.security_center_export_overview_dashboardA CSV export was requested on the Overview Dashboard page.
org.security_center_export_riskA CSV export was requested on the Risk page.
org.set_actions_fork_pr_approvals_policyThe setting for requiring approvals for workflows from public forks was changed for an organization.
org.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for an organization.
org.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in an organization was changed.
org.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for an organization.
org.set_fork_pr_workflows_policyThe policy for workflows on private repository forks was changed.
org.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for an organization.
org.update_memberA person's role was changed from owner to member or member to owner.
org.update_member_repository_creation_permissionThe create repository permission for organization members was changed.
org.update_member_repository_invitation_permissionAn organization owner changed the policy setting for organization members inviting outside collaborators to repositories.

pages_protected_domain

ActionDescription
pages_protected_domain.createA GitHub Pages verified domain was created for an organization or enterprise.
pages_protected_domain.deleteA GitHub Pages verified domain was deleted from an organization or enterprise.
pages_protected_domain.verifyA GitHub Pages domain was verified for an organization or enterprise.

passkey

ActionDescription
passkey.registerA new passkey was added.
passkey.removeA new passkey was removed.

payment_method

ActionDescription
payment_method.createA new payment method was added, such as a new credit card or PayPal account.
payment_method.removeA payment method was removed.
payment_method.updateAn existing payment method was updated.

personal_access_token

ActionDescription
personal_access_token.access_grantedA fine-grained personal access token was granted access to resources.
personal_access_token.access_revokedA fine-grained personal access token was revoked. The token can still read public organization resources.
personal_access_token.createTriggered when you create a fine-grained personal access token.
personal_access_token.credential_regeneratedTriggered when you regenerate a fine-grained personal access token.
personal_access_token.credential_revokedA fine-grained personal access token was revoked by GitHub Advanced Security.
personal_access_token.destroyTriggered when you delete a fine-grained personal access token.
personal_access_token.request_cancelledA pending request for a fine-grained personal access token to access organization resources was canceled.
personal_access_token.request_createdTriggered when a fine-grained personal access token was created to access organization resources and the organization requires approval before the token can access organization resources.
personal_access_token.request_deniedA request for a fine-grained personal access token to access organization resources was denied.
personal_access_token.updateA fine-grained personal access token was updated.

profile_picture

ActionDescription
profile_picture.updateA profile picture was updated.

project

ActionDescription
project.accessA project board visibility was changed.
project.closeA project board was closed.
project.createA project board was created.
project.deleteA project board was deleted.
project.linkA repository was linked to a project board.
project.openA project board was reopened.
project.renameA project board was renamed.
project.unlinkA repository was unlinked from a project board.
project.update_org_permissionThe project's base-level permission for all organization members was changed or removed.
project.update_team_permissionA team's project board permission level was changed or when a team was added or removed from a project board.
project.update_user_permissionA user was added to or removed from a project board or had their permission level changed.
project.visibility_privateA project's visibility was changed from public to private.
project.visibility_publicA project's visibility was changed from private to public.

project_collaborator

ActionDescription
project_collaborator.addA collaborator was added to a project.
project_collaborator.removeA collaborator was removed from a project.
project_collaborator.updateA project collaborator's permission level was changed.

project_field

ActionDescription
project_field.createA field was created in a project board.
project_field.deleteA field was deleted in a project board.

project_view

ActionDescription
project_view.createA view was created in a project board.
project_view.deleteA view was deleted in a project board.

protected_branch

ActionDescription
protected_branch.update_merge_queue_enforcement_levelEnforcement of the merge queue was modified for a branch.

public_key

ActionDescription
public_key.createAn SSH key was added to a user account or a deploy key was added to a repository.
public_key.deleteAn SSH key was removed from a user account or a deploy key was removed from a repository.
public_key.unverification_failureA user account's SSH key or a repository's deploy key was unable to be unverified.
public_key.unverifyA user account's SSH key or a repository's deploy key was unverified.
public_key.updateA user account's SSH key or a repository's deploy key was updated.
public_key.verification_failureA user account's SSH key or a repository's deploy key was unable to be verified.
public_key.verifyA user account's SSH key or a repository's deploy key was verified.

repo

ActionDescription
repo.accessThe visibility of a repository changed.
repo.actions_enabledGitHub Actions was enabled for a repository.
repo.add_memberA collaborator was added to a repository.
repo.add_topicA topic was added to a repository.
repo.advanced_security_disabledGitHub Advanced Security was disabled for a repository.
repo.advanced_security_enabledGitHub Advanced Security was enabled for a repository.
repo.archivedA repository was archived.
repo.change_merge_settingPull request merge options were changed for a repository.
repo.code_scanning_analysis_deletedCode scanning analysis for a repository was deleted.
repo.code_scanning_configuration_for_branch_deletedA code scanning configuration for a branch of a repository was deleted.
repo.config.disable_collaborators_onlyThe interaction limit for collaborators only was disabled.
repo.config.disable_contributors_onlyThe interaction limit for prior contributors only was disabled in a repository.
repo.config.disable_sockpuppet_disallowedThe interaction limit for existing users only was disabled in a repository.
repo.config.enable_collaborators_onlyThe interaction limit for collaborators only was enabled in a repository Users that are not collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_contributors_onlyThe interaction limit for prior contributors only was enabled in a repository Users that are not prior contributors, collaborators or organization members were unable to interact with a repository for a set duration.
repo.config.enable_sockpuppet_disallowedThe interaction limit for existing users was enabled in a repository New users aren't able to interact with a repository for a set duration Existing users of the repository, contributors, collaborators or organization members are able to interact with a repository.
repo.createA repository was created.
repo.create_actions_secretA GitHub Actions secret was created for a repository.
repo.create_actions_variableA GitHub Actions variable was created for a repository.
repo.create_integration_secretA Codespaces or Dependabot secret was created for a repository.
repo.destroyA repository was deleted.
repo.pages_cnameA GitHub Pages custom domain was modified in a repository.
repo.pages_createA GitHub Pages site was created.
repo.pages_destroyA GitHub Pages site was deleted.
repo.pages_https_redirect_disabledHTTPS redirects were disabled for a GitHub Pages site.
repo.pages_https_redirect_enabledHTTPS redirects were enabled for a GitHub Pages site.
repo.pages_privateA GitHub Pages site visibility was changed to private.
repo.pages_publicA GitHub Pages site visibility was changed to public.
repo.pages_soft_deleteA GitHub Pages site was soft-deleted because its owner's plan changed.
repo.pages_soft_delete_restoreA GitHub Pages site that was previously soft-deleted was restored.
repo.pages_sourceA GitHub Pages source was modified.
repo.register_self_hosted_runnerA new self-hosted runner was registered.
repo.remove_actions_secretA GitHub Actions secret was deleted for a repository.
repo.remove_actions_variableA GitHub Actions variable was deleted for a repository.
repo.remove_integration_secretA Codespaces or Dependabot secret was deleted for a repository.
repo.remove_memberA collaborator was removed from a repository.
repo.remove_self_hosted_runnerA self-hosted runner was removed.
repo.remove_topicA topic was removed from a repository.
repo.renameA repository was renamed.
repo.set_actions_fork_pr_approvals_policyThe setting for requiring approvals for workflows from public forks was changed for a repository.
repo.set_actions_private_fork_pr_approvals_policyThe policy for requiring approval for fork pull request workflows from collaborators without write access to private repos was changed for a repository.
repo.set_actions_retention_limitThe retention period for GitHub Actions artifacts and logs in a repository was changed.
repo.set_default_workflow_permissionsThe default permissions granted to the GITHUB_TOKEN when running workflows were changed for a repository.
repo.set_fork_pr_workflows_policyTriggered when the policy for workflows on private repository forks is changed.
repo.set_workflow_permission_can_approve_prThe policy for allowing GitHub Actions to create and approve pull requests was changed for a repository.
repo.staff_unlockAn enterprise owner or GitHub staff (with permission from a repository administrator) temporarily unlocked the repository.
repo.temporary_access_grantedTemporary access was enabled for a repository.
repo.transferA user accepted a request to receive a transferred repository.
repo.transfer_outgoingA repository was transferred to another repository network.
repo.transfer_startA user sent a request to transfer a repository to another user or organization.
repo.unarchivedA repository was unarchived.
repo.update_actions_access_settingsThe setting to control how a repository was used by GitHub Actions workflows in other repositories was changed.
repo.update_actions_secretA GitHub Actions secret was updated for a repository.
repo.update_actions_settingsA repository administrator changed GitHub Actions policy settings for a repository.
repo.update_actions_variableA GitHub Actions variable was updated for a repository.
repo.update_default_branchThe default branch for a repository was changed.
repo.update_integration_secretA Codespaces or Dependabot secret was updated for a repository.
repo.update_memberA user's permission to a repository was changed.

repository_image

ActionDescription
repository_image.createAn image to represent a repository was uploaded.
repository_image.destroyAn image to represent a repository was deleted.

repository_invitation

ActionDescription
repository_invitation.acceptAn invitation to join a repository was accepted.
repository_invitation.cancelAn invitation to join a repository was canceled.
repository_invitation.createAn invitation to join a repository was sent.
repository_invitation.rejectAn invitation to join a repository was declined.

repository_ruleset

ActionDescription
repository_ruleset.createA repository ruleset was created.
repository_ruleset.destroyA repository ruleset was deleted.
repository_ruleset.updateA repository ruleset was edited.

security_key

ActionDescription
security_key.registerA security key was registered for an account.
security_key.removeA security key was removed from an account.

sponsors

ActionDescription
sponsors.agreement_signA GitHub Sponsors agreement was signed on behalf of an organization.
sponsors.custom_amount_settings_changeCustom amounts for GitHub Sponsors were enabled or disabled, or the suggested custom amount was changed.
sponsors.fiscal_host_changeThe fiscal host for a GitHub Sponsors listing was updated.
sponsors.repo_funding_links_file_actionThe FUNDING file in a repository was changed.
sponsors.sponsor_sponsorship_cancelA sponsorship was canceled.
sponsors.sponsor_sponsorship_createA sponsorship was created, by sponsoring an account.
sponsors.sponsor_sponsorship_payment_completeAfter you sponsor an account and a payment has been processed, the sponsorship payment was marked as complete.
sponsors.sponsor_sponsorship_preference_changeThe option to receive email updates from a sponsored account was changed.
sponsors.sponsor_sponsorship_tier_changeA sponsorship was upgraded or downgraded.
sponsors.sponsored_developer_approveA GitHub Sponsors account was approved.
sponsors.sponsored_developer_createA GitHub Sponsors account was created.
sponsors.sponsored_developer_disableA GitHub Sponsors account was disabled.
sponsors.sponsored_developer_profile_updateThe profile for GitHub Sponsors account was edited.
sponsors.sponsored_developer_redraftA GitHub Sponsors account was returned to draft state from approved state.
sponsors.sponsored_developer_request_approvalAn application for GitHub Sponsors was submitted for approval.
sponsors.sponsored_developer_tier_description_updateThe description for a sponsorship tier was changed.
sponsors.sponsored_developer_update_newsletter_sendTriggered when you send an email update to your sponsors.
sponsors.sponsors_patreon_user_createA Patreon account was linked to a user account for use with GitHub Sponsors.
sponsors.sponsors_patreon_user_destroyA Patreon account for use with GitHub Sponsors was unlinked from a user account.
sponsors.update_tier_repositoryA GitHub Sponsors tier changed access for a repository.
sponsors.update_tier_welcome_messageThe welcome message for a GitHub Sponsors tier for an organization was updated.
sponsors.waitlist_joinYou join the waitlist to join GitHub Sponsors.
sponsors.withdraw_agreement_signatureA signature was withdrawn from a GitHub Sponsors agreement that applies to an organization.

successor_invitation

ActionDescription
successor_invitation.acceptTriggered when you accept a succession invitation.
successor_invitation.cancelTriggered when you cancel a succession invitation.
successor_invitation.createTriggered when you create a succession invitation.
successor_invitation.declineTriggered when you decline a succession invitation.
successor_invitation.revokeTriggered when you revoke a succession invitation.

trusted_device

ActionDescription
trusted_device.registerA new trusted device was added.
trusted_device.removeA trusted device was removed.

two_factor_authentication

ActionDescription
two_factor_authentication.add_factorA secondary authentication factor was added to a user account.
two_factor_authentication.disabledTwo-factor authentication was disabled for a user account.
two_factor_authentication.enabledTwo-factor authentication was enabled for a user account.
two_factor_authentication.password_reset_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.recovery_codes_regeneratedTwo factor recovery codes were regenerated for a user account.
two_factor_authentication.remove_factorA secondary authentication factor was removed from a user account.
two_factor_authentication.sign_in_fallback_smsA one-time password code was sent to a user account fallback phone number.
two_factor_authentication.update_fallbackThe two-factor authentication fallback for a user account was changed.

user

ActionDescription
user.add_emailAn email address was added to a user account.
user.async_deleteAn asynchronous job was started to destroy a user account, eventually triggering a user.delete event.
user.audit_log_exportAudit log entries were exported.
user.block_userA user was blocked by another user.
user.change_passwordA user changed their password.
user.codespaces_trusted_repo_access_grantedTriggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account.
user.codespaces_trusted_repo_access_revokedTriggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account.
user.createA new user account was created.
user.create_integration_secretA user secret for Codespaces was created.
user.creation_rate_limit_exceededThe rate of creation of user accounts, applications, issues, pull requests or other resources exceeded the configured rate limits, or too many users were followed too quickly.
user.deleteA user account was destroyed by an asynchronous job.
user.demoteA site administrator was demoted to an ordinary user account.
user.destroyA user deleted his or her account, triggering user.async_delete.
user.failed_loginA user tried to sign in with an incorrect username, password, or two-factor authentication code.
user.forgot_passwordA user requested a password reset.
user.hide_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now hidden.
user.loginA user signed in.
user.logoutA user signed out.
user.new_device_usedA user signed in from a new device.
user.promoteAn ordinary user account was promoted to a site administrator.
user.recreateA user's account was restored.
user.remove_emailAn email address was removed from a user account.
user.remove_integration_secretA user secret for Codespaces was deleted.
user.renameA username was changed.
user.reset_passwordA user reset their account password.
user.show_private_contributions_countA user changed the visibility of their private contributions. The number of contributions to private repositories on the user's profile are now shown.
user.sign_in_from_unrecognized_deviceA user signed in from an unrecognized device.
user.sign_in_from_unrecognized_device_and_locationA user signed in from an unrecognized device and location.
user.suspendA user account was suspended.
user.two_factor_challenge_failureA 2FA challenge issued for a user account failed.
user.two_factor_challenge_successA 2FA challenge issued for a user account succeeded.
user.two_factor_recoverA user used their 2FA recovery codes.
user.two_factor_recovery_codes_downloadedA user downloaded 2FA recovery codes for their account.
user.two_factor_recovery_codes_printedA user printed 2FA recovery codes for their account.
user.two_factor_recovery_codes_viewedA user viewed 2FA recovery codes for their account.
user.two_factor_requestedA user was prompted for a two-factor authentication code.
user.unblock_userA user was unblocked by another user.
user.unsuspendA user account was unsuspended.
user.update_integration_secretA user secret for Codespaces was updated.

user_email

ActionDescription
user_email.confirm_claimAn enterprise managed user claimed an email address.

user_status

ActionDescription
user_status.destroyTriggered when you clear the status on your profile.
user_status.updateTriggered when you set or change the status on your profile.

workflows

ActionDescription
workflows.approve_workflow_jobA workflow job was approved.
workflows.delete_workflow_runA workflow run was deleted.
workflows.disable_workflowA workflow was disabled.
workflows.enable_workflowA workflow was enabled, after previously being disabled by disable_workflow.
workflows.pin_workflowA workflow was pinned.
workflows.reject_workflow_jobA workflow job was rejected.
workflows.unpin_workflowA workflow was unpinned after previously being pinned.